Squid Protocol Hacked for $3M Hours After $6M Raise

The euphoria of Squid Crypto's $6 million strategic funding round, led by North Island Ventures with participation from Ripple, lasted less than 24 hours. On May 25, 2026, the protocol—a meta-DEX and chain-abstraction layer facilitating cross-chain swaps—fell victim to an exploit that drained approximately $3 million from 86 Gnosis Safe wallets on Ethereum and Base.

The Anatomy of the Attack

Security firm Blockaid detected the ongoing exploit targeting the SquidRouterModule, a third-party liquidity aggregation module integrated into Squid's cross-chain infrastructure. The attacker manipulated price feeds or misconfigured access permissions within this module, siphoning assets directly while bypassing the protocol's audited core contracts. All stolen tokens were swiftly swapped to DAI via attacker-controlled Uniswap V3 pools, a classic laundering technique that complicates recovery efforts.

This incident underscores a structural weakness in DeFi: audits typically cover submitted core components, not the full dependency tree. Squid's official response distanced the team from the breach, stating they did not deploy the specific module responsible—a move that raises questions about accountability and governance in composable protocols.

Timing and Market Impact

The timing could hardly be worse. The $6 million raise was positioned as a catalyst for expanding interoperability infrastructure, with Ripple's involvement signaling strategic alignment with cross-chain and payments roadmaps. That narrative collapsed within a single news cycle. For Ripple, which has been navigating its own market dynamics—XRP has traded between $1.10 and $1.60 for months—the association with a fresh exploit adds unwanted noise, though the direct impact on XRP's price remains muted.

The broader DeFi market has grown wary of such events. According to a recent research paper by teams from Google, Gray Swan AI, and EmbraceTheRed, securing AI agents—and by extension, automated DeFi modules—requires treating them as untrusted components within a wider system. The paper advocates for clear separation of instructions and untrusted data, minimal permissions, and system-level control of sensitive data flows. These principles, if applied to Squid's integration process, could have prevented the exploit.

Lessons for the Industry

Squid's exploit is a textbook case of the risks inherent in composable DeFi. While core contracts may be secure, each integrated module expands the attack surface. The attacker exploited a peripheral component that likely escaped rigorous review. As DeFi protocols race to offer cross-chain functionality, the pressure to integrate quickly often overrides thorough security vetting.

For investors and users, the incident serves as a stark reminder: a protocol's security is only as strong as its weakest integrated component. Squid's attempt to deflect responsibility may protect its legal standing, but it does little to restore trust. The $3 million drain—nearly half the amount raised—will likely prompt tighter due diligence from future investors and partners.

As Blockaid continues to analyze the attack vector, the crypto community watches closely. The Squid hack is not just another exploit; it is a signal that the industry's security practices must evolve to match the complexity of its ambitions.

1. Squid lost $3M to an exploit targeting a third-party liquidity module, not its core contracts.
2. The attack occurred within 24 hours of a $6M funding round led by North Island Ventures and Ripple.
3. 86 Gnosis Safes were drained; stolen tokens were swapped to DAI via Uniswap V3 pools.
4. The incident highlights the risk of integrated third-party components in DeFi.
5. Experts recommend treating AI agents and automated modules as untrusted components with minimal permissions.

Sources:
Cryptonews.com - Ripple North Island Squid Crypto $10M Exploit
CoinMarketCap - AI Agent Security Systems Overhaul
Cryptonews.com - ChatGPT AI Predicts XRP Price